Package details: pkg:composer/facturascripts/facturascripts@2025.71.0
purl pkg:composer/facturascripts/facturascripts@2025.71.0
Next non-vulnerable version 2025.81.0
Latest non-vulnerable version 2025.81.0
Risk
Vulnerabilities affecting this package (1)
Vulnerability: VCID-ax8c-7sdd-uyhf
Aliases: CVE-2026-23997, GHSA-4v7v-7v7r-3r5h
Summary: FacturaScripts has Stored Cross-Site Scripting (XSS) in "Observations" field via History View. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Observations field. The flaw occurs in the History view, where historical data is rendered without proper HTML entity encoding. This allows an attacker to execute arbitrary JavaScript in the browser of administrators viewing the history.
Fixed by: There are no reported fixed-by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date: 2026-06-02T04:49:51.213835+00:00
Actor: GitLab Importer
Action: Affected by
Vulnerability: VCID-ax8c-7sdd-uyhf
Source: https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/facturascripts/facturascripts/CVE-2026-23997.yml
VulnerableCode Version: 38.6.0